On Tue, Jun 09, 2015 at 07:23:43PM +0000, Viktor Dukhovni wrote:
> On Tue, Jun 09, 2015 at 02:26:20PM -0400, Forrest wrote:
> >
> > >So that log entry might be for the submission port, unless you've
> > >configured it along the lines above.
> >
> > I believe this is already set in my master.cf, which is:
> >
> > smtp inet n - n - - smtpd
> > submission inet n - n - - smtpd
> >   -o syslog_name=postfix/submission
> >   -o smtpd_tls_security_level=may
>
> In that case, consider disabling SASL auth by default (main.cf),
> and enabling it only for the submission service. That should
> eliminate all the port 25 SASL attacks.

This is something I've recently had to do to allow mail from "the world" while firewalling off everything except "nearby" to authenticate via the submission port. The bruteforcers were overwhelming my authentication database. I just added "-o smtpd_sasl_auth_enable=no" to the smtp entry in master.cf. This led to a lot of support calls from users with Outlook set to use port 25 for submission.

I've been looking for, but haven't found, yet, a Postfix option that would delay x seconds after a failed auth attempt. We still use fail2ban, but the botnets are just too large.

-- 
Scott Lambert KC5MLE Unix SysAdmin
lamb...@lambertfam.org
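
An added example, not part of the thread: a small Python check that reads a master.cf and reports which smtpd listeners still offer SASL AUTH, so the change discussed above can be verified after editing. The sample master.cf is constructed (the thread's entries with both suggested overrides applied), the function names are hypothetical, and the Postfix 3.x `-o { name = value }` form is not handled.

```python
import shlex

# Constructed sample: the thread's master.cf with the suggested overrides applied.
MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=no
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace); skip comments and blanks."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current

def sasl_by_service(master_text, main_cf_default="no"):
    """Map each smtpd service name to its effective smtpd_sasl_auth_enable (bool).

    main_cf_default is the value set in main.cf (assumed input; Postfix's
    built-in default is "no").
    """
    result = {}
    for line in logical_lines(master_text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        value = main_cf_default
        args = fields[8:]
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and args[i + 1].startswith("smtpd_sasl_auth_enable="):
                value = args[i + 1].split("=", 1)[1]
        result[fields[0]] = value.strip().lower() == "yes"
    return result

def port25_sasl_exposed(master_text, main_cf_default="no"):
    """True when the 'smtp' (port 25) listener still offers SASL AUTH."""
    return sasl_by_service(master_text, main_cf_default).get("smtp", False)
```

On a live host, `postconf -n smtpd_sasl_auth_enable` supplies the main.cf value to pass as `main_cf_default`.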